In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998)

Integer overflows were discovered in the strspn and strcspn functions. Attackers could exploit this to read arbitrary areas of memory, possibly gaining access to sensitive information. (CVE-2007-4657)

It was discovered that the php_openssl_make_REQ function did not correctly check buffer lengths. A remote attacker could send a specially crafted message and execute arbitrary code with application privileges. (CVE-2007-4662)

It was discovered that certain characters in session cookies were not handled correctly. A remote attacker could inject values which could lead to altered application behavior, potentially gaining additional privileges. (CVE-2007-3799)

Stefan Esser discovered that deeply nested arrays could be made to fill stack space. A remote attacker could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-1285, CVE-2007-4670)

Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. (CVE-2007-5898)

It was discovered that the output_add_rewrite_var function would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user's login credentials. (CVE-2007-5899)